backup

goldmine-dms · Jan 23, 2013 · 3744b6d · 3744b6d
1 parent 36c02cf
commit 3744b6d
Show file tree

Hide file tree

Showing 21 changed files with 700 additions and 143 deletions.
diff --git a/goldmine/api/__init__.py b/goldmine/api/__init__.py
@@ -6,7 +6,7 @@
 from goldmine.models import *
 from goldmine.controller import *
 
-@apimethod(username="string", password="string")
+@apimethod
 def authenticate(username, password):
     """ 
     Authenticate a user 

diff --git a/goldmine/api/activity.py b/goldmine/api/activity.py
@@ -4,16 +4,26 @@
 """
 Activity functions
 """
+from storm.locals import *
+
 from goldmine import *
 from goldmine.db import db
 from goldmine.models import *
 from goldmine.controller import *
 
-@apimethod.auth(activity_id="uuid")
+@apimethod.auth
 def get(activity_id):
-
-    activity_id = uuid(activity_id)
-    return not_empty(db().get(structure.Activity, activity_id)) 
+    activity_id = uuid(activity_id, user)
+    activity = not_empty(db().get(structure.Activity, activity_id)).serialize()
+
+    # limit access to studies
+    studies = []
+    for study in activity["studies"]:
+        if resolver.get("study.access", user)(study["id"], min_role="read"):
+            studies.append(study)
+
+    activity["studies"] = studies
+    return activity
 
 @apimethod.auth
 def all(project=None):
@@ -22,18 +32,21 @@ def all(project=None):
 
 @apimethod.auth
 def search(keyword):
-    rs = db().find(structure.Activity, structure.Activity.name == keyword).order_by(structure.Activity.name) #FIXME like search + dscr
+
+    keyword = "%%%s%%" % keyword
+    rs = db().find(structure.Activity, Or(structure.Activity.name.like(keyword), structure.Activity.description.like(keyword)))
+    rs = rs.order_by(structure.Activity.name)
     return rs_to_list(rs)
 
-@apimethod.auth("activity.create", project_id="uuid", location="location")
+@apimethod.auth("activity.create")
 def create(project_id, name, description=None, location={}):
 
     activity = structure.Activity()
     activity.project = db().get(structure.Project, uuid(project_id))
     activity.name = name
     activity.description = description
 
-    if len(location) :
+    if len(location):
         loc = structure.Location.from_struct(location)
         activity.location = db().add(loc)
 

diff --git a/goldmine/api/dataset/__init__.py b/goldmine/api/dataset/__init__.py
@@ -14,39 +14,52 @@
 
 @apimethod.auth
 def get(dataset_id):
-    #FIXME: User has access?
-    dataset_id = uuid(dataset_id)
+    dataset_id = uuid(dataset_id, user)
     ds = not_empty(db().get(dataset.Dataset, dataset_id))
+    check_access(user, ds.study_id, "read")
     return ds
 
 @apimethod.auth
 def fork(from_dataset_id, to_dataset_id, fork_type="derived"):
-    #FIXME: User has access?
     #FIXME: Check for circular graph
-    from_dataset_id = uuid(from_dataset_id)
-    to_dataset_id = uuid(to_dataset_id)
+    from_dataset_id = uuid(from_dataset_id, user)
+    to_dataset_id = uuid(to_dataset_id, user)
 
     from_dataset = not_empty(db().get(Dataset, from_dataset_id))
     to_dataset = not_empty(db().get(Dataset, to_dataset_id))
 
+    check_access(user, from_dataset.study_id, "read")
+    check_access(user, to_dataset.study_id, "write")
+
     # FIXME: pass on to private function, what happens to user?
     return do_fork(from_dataset, to_dataset, user)
 
-@apimethod.auth
-def close(dataset_id):  
-    #FIXME: User has access?
-    dataset_id = uuid(dataset_id)
+@apimethod.auth("dataset.close")
+def close(dataset_id):
+
+    # Fixme: only owner should be able to close
+
+    dataset_id = uuid(dataset_id, user)
     ds = not_empty(db().get(dataset.Dataset, dataset_id))
+
+    check_access(user, ds.study_id, "write")
+
     if ds.closed is None:
         ds.closed = datetime.datetime.now()
     else:
         raise Exception("Dataset already closed")
 
-@apimethod.auth
+@apimethod.auth("dataset.purge")
 def purge(dataset_id):  
-    #FIXME: User has access?
-    dataset_id = uuid(dataset_id)
+
+    # Fixme: only owner should be able to purge?
+
+    dataset_id = uuid(dataset_id, user)
     ds = not_empty(db().get(dataset.Dataset, dataset_id))
+
+    check_access(user, ds.study_id, "write")
+
+
     if ds.closed is None:
         db().remove(ds)
         #FIXME: cascade
@@ -72,10 +85,11 @@ def do_fork(from_dataset, to_dataset, user, fork_type="derived"):
 
 
 def create(type, study, description, dataset_forked_from=None, fork_type="derived"):
-    #FIXME: User has access?
+
+    check_access(user, study.id, "write")
 
-    s = resolver.get("dataset.supported_dataset_types", user)
-    if type not in s():
+    supported = resolver.get("dataset.supported_dataset_types", user)()
+    if type not in supported:
         raise Exception("Unsupported type")
 
     ds = dataset.Dataset()
@@ -86,11 +100,16 @@ def create(type, study, description, dataset_forked_from=None, fork_type="derive
     ds = db().add(ds)
 
     if dataset_forked_from is not None:
-        from_dataset_id = uuid(dataset_forked_from)
+        from_dataset_id = uuid(dataset_forked_from, user)
         from_dataset = not_empty(db().get(dataset.Dataset, from_dataset_id))
         #FIXME
         do_fork(from_dataset, ds, user, fork_type)
 
     return ds
 
 
+def check_access(user, study_id, role, throw=True):
+    if not resolver.get("study.access", user)(study_id, min_role=role):
+        if throw: raise UnauthorizedException("You are not authorized to view this dataset")
+        return False
+    return True
diff --git a/goldmine/api/dataset/sequence/__init__.py b/goldmine/api/dataset/sequence/__init__.py
@@ -15,19 +15,22 @@
 
 @apimethod.auth
 def get(dataset_id):
-    #FIXME: User has access?
-    return sequence_from_dataset(dataset_id)
-
+    sequence = sequence_from_dataset(dataset_id, user)
+    check_access(user, sequence.dataset.study_id, "read")
+    return sequence
+
 @apimethod.auth("dataset.sequence.create")
 def create(study_id, description, index_type_id, index_marker_type="point", index_marker_location="center", dataset_forked_from=None):
 
-    study_id = uuid(study_id)
-    index_type_id = uuid(index_type_id)
+    study_id = uuid(study_id, user)
+    check_access(user, study_id, "write")
+
+    index_type_id = uuid(index_type_id, user)
     study = not_empty(db().get(structure.Study, study_id))
     index_type = not_empty(db().get(dataset.Type, index_type_id))
 
-    #FIXME unclean
-
+
+    #FIXME unclean    
     parent = resolver.get("dataset.create", user)(u"sequence", study, description, dataset_forked_from)
 
     sequence = dataset.sequence.Sequence()
@@ -41,13 +44,14 @@ def create(study_id, description, index_type_id, index_marker_type="point", inde
 
 @apimethod.auth
 def add_parameter(dataset_id, type_id, uncertainty_value=None, uncertainty_type="absolute", storage="float"):
-    #FIXME: User has access?
-    sequence = sequence_from_dataset(dataset_id)
-
+
+    sequence = sequence_from_dataset(dataset_id, user)
+    check_access(user, sequence.dataset.study_id, "write")
+
     if sequence.dataset.closed:
         raise Exception("Dataset is closed")
 
-    type_id = uuid(type_id)
+    type_id = uuid(type_id, user)
     type = not_empty(db().get(dataset.Type, type_id))
 
     param = dataset.sequence.Parameter()
@@ -86,13 +90,12 @@ def add_data(dataset_id, index, parameter_id, value, uncertainty = None, uncerta
                                         for corresponding parameter ids
     """
 
-    sequence = sequence_from_dataset(dataset_id)
-
+    sequence = sequence_from_dataset(dataset_id, user)
+    check_access(user, sequence.dataset.study_id, "write")
+
     if sequence.dataset.closed:
         raise Exception("Dataset is closed")
-
-    # FIXME user has access?
-
+
     if type(index) in [tuple, list]:
 
         if sequence.index_marker_type != "span":
@@ -165,11 +168,10 @@ def get_data(dataset_id, parameter_id=None, limit_min=None, limit_max=None):
     limit_max:          not set        - no upper index limit
                         int, float     - upper index limit specified by number
     """
-
-    #FIXME user has access
-
-    sequence = sequence_from_dataset(dataset_id)
 
+    sequence = sequence_from_dataset(dataset_id, user)
+    check_access(user, sequence.dataset.study_id, "read")
+
     has_span = sequence.index_marker_type == "span"
 
     if parameter_id is None:
@@ -276,16 +278,26 @@ def get_data(dataset_id, parameter_id=None, limit_min=None, limit_max=None):
 
 @apimethod.auth
 def add_metadata(dataset_id, parameter_id=None, index_id=None, datapoint_id=None):
-    sequence = sequence_from_dataset(dataset_id)
+    sequence = sequence_from_dataset(dataset_id, user)
+    check_access(user, sequence.dataset.study_id, "write")
+
     # FIXME missing implementation
     pass
 
 
 # UTIL
-def sequence_from_dataset(dataset_id):
-    dataset_id = uuid(dataset_id)
+def sequence_from_dataset(dataset_id, user):
+    dataset_id = uuid(dataset_id, user)
     return not_empty(db().find(dataset.sequence.Sequence, dataset.sequence.Sequence.dataset_id == dataset_id).one())
 
+
+def check_access(user, study_id, role, throw=True):
+    if not resolver.get("study.access", user)(study_id, min_role=role):
+        if throw: raise UnauthorizedException("You are not authorized to view this sequence")
+        return False
+    return True
+
+
 """
     
 @needauth    

diff --git a/goldmine/api/dataset/type.py b/goldmine/api/dataset/type.py
@@ -5,16 +5,17 @@
 """
 Dataset.Type functions
 """
+from storm.locals import *
 
 from goldmine import *
 from goldmine.db import db
 from goldmine.models import *
 from goldmine.controller import *
 
 
-@apimethod
+@apimethod.auth
 def get(type_id):
-    type_id = uuid(type_id)
+    type_id = uuid(type_id, user)
     return not_empty(db().get(dataset.Type, type_id))
 
 
@@ -39,5 +40,7 @@ def all():
 
 @apimethod
 def search(keyword):
-    rs = db().find(dataset.Type, dataset.Type.name == keyword).order_by(dataset.Type.name)
-    return rs_to_list(rs)
+    keyword = "%%%s%%" % keyword
+    rs = db().find(dataset.Type, Or(dataset.Type.name.like(keyword), dataset.Type.description.like(keyword)))
+    rs = rs.order_by(dataset.Type.name)
+    return rs_to_list(rs)
diff --git a/goldmine/api/favorite.py b/goldmine/api/favorite.py
@@ -0,0 +1,72 @@
+#!/usr/bin/env python
+#-*- coding:utf-8 -*-
+
+"""
+Favorite functions
+"""
+
+import string
+
+from storm.locals import *
+
+from goldmine import *
+from goldmine.db import db
+from goldmine.models import *
+from goldmine.controller import *
+
+@apimethod.auth
+def get(name):
+    rs = db().find(auth.Favorite, auth.Favorite.name == name, auth.Favorite.user == user)
+    return not_empty(rs.one())
+
+@apimethod.auth
+def get_by_reference(id, type):
+    id = uuid(id)
+    rs = db().find(auth.Favorite, 
+            auth.Favorite.ref_id == id, 
+            auth.Favorite.ref_type == type, 
+            auth.Favorite.user == user)
+    return rs.one()
+
+@apimethod.auth
+def all():
+    rs = db().find(auth.Favorite, auth.Favorite.user == user).order_by(auth.Favorite.name)
+    return rs_to_list(rs)
+
+@apimethod.auth
+def add(name, reference_id, reference_type="dataset"):
+
+    if reference_type not in auth.Favorite.REFMAP:
+        raise TypeError("Invalid reference type")
+
+    if name != valid_name(name):
+        raise TypeError("Invalid name, no spaces or special characters!")
+
+    favorite = auth.Favorite()
+    favorite.name = name
+    favorite.user = user
+    favorite.ref_id = uuid(reference_id)
+    favorite.ref_type = reference_type
+
+    return db().add(favorite)
+
+
+@apimethod.auth
+def remove(name):
+    rs = db().find(auth.Favorite, auth.Favorite.name == name, auth.Favorite.user == user)
+    favorite = not_empty(rs.one())
+
+    if favorite.user == user:
+        db().remove(favorite)
+    else:
+        raise TypeError("Not your favorite!")
+
+@apimethod.auth
+def resolve(name):
+    rs = db().find(auth.Favorite, auth.Favorite.name == name, auth.Favorite.user == user)
+    favorite = not_empty(rs.one())
+    return unicode(favorite.ref_id)
+
+def valid_name(name):
+    valid_chars = "-_.%s%s" % (string.ascii_letters, string.digits)
+    return ''.join(c for c in name if c in valid_chars)